The Global Privacy Enforcement Network ("GPEN"), a group of approximately 50 data protection authorities from around the world, will focus its 2016 "Sweep" (a coordinated online audit) ("Sweep") on the Internet of Things ("IoT").

In Ireland, the review will involve an assessment of IoT devices available in this jurisdiction and the accountability practices of companies producing such devices.

Under the spotlight will be how IoT devices process and use personal data and whether and how the users of IoT devices are kept informed of any such processes.

The combined results of the Sweep will be published in September 2016. The data protection authorities involved in the Sweep, including the Irish Office of the Data Protection Commissioner ("ODPC"), will consider action against any IoT devices found to be breaking data protection laws.

Recommended next steps

In light of the GPEN's announcement, we recommend that companies that produce, sell or utilise IoT devices should conduct a full review of those devices and the data processing systems used, to ensure that they adhere to data protection laws.

To the extent that organisations make use of IoT devices they should ensure that such use is compliant with the applicable data protection laws, as the activities under the Sweep will mean it is a key focus area for the ODPC this year.

A press release from the ODPC on the Sweep is available here.